From: Ondrej Kozina <okozina@redhat.com>
To: linux-lvm@redhat.com
Cc: peljasz@yahoo.co.uk
Subject: Re: [linux-lvm] [Bulk] Re: lvm protected against crypt/luks
Date: Tue, 8 Mar 2016 17:09:49 +0100 [thread overview]
Message-ID: <56DEF94D.20306@redhat.com> (raw)
In-Reply-To: <56DEF183.4090603@yahoo.co.uk>
On 03/08/2016 04:36 PM, lejeczek wrote:
> On 08/03/16 14:14, Ondrej Kozina wrote:
>> On 03/08/2016 03:02 PM, lejeczek wrote:
>>> superb, thanks chaps,
>>> on keyfiles, would you know why this:
>>>
>>> cryptsetup luksOpen /dev/h300Int1/0 h300Int1.0_crypt
>>> /etc/crypttab.key --keyfile-offset 12
>>>
>>
>> IIUC it seems like missing -d/--key-file option in front
>> of "/etc/crypttab.key" string. Well it also depends on
>> actual content of your /etc/crypttab.key file. Does it
>> really contain backup of your keyslot passphrase (human
>> readable text data)? Or does it contain volume key for
>> your luks device (usually looks like binary data, bunch of
>> random bytes that really should not be human readable:))
>>
>> Regards
>> Ondrej
> many thanks Onrej,
> it seems I got it completely wrong, the concept of it, I
> thought the keyfile is pure randomness and I just simply
> pick up a chunk of it with the help of offest.
> But why then it works fine without offset, with no
> passphrase in keyfile at any time?
Ok, let's return back to the origin. How did you create your encrypted
device? Did you use cryptsetup luksFormat command? If so what options
did you pass to it? In a default mode luksFormat command generates a
random volume key for the device but also asks you for a passphrase. The
passphrase is later used in cryptsetup open command when activating the
encrypted device.
Anyway, if you have further questions this is proper list for
cryptsetup/dm-crypt discussions:
http://www.saout.de/mailman/listinfo/dm-crypt
O.
next prev parent reply other threads:[~2016-03-08 16:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-07 17:31 [linux-lvm] lvm protected against crypt/luks lejeczek
2016-03-07 20:03 ` John Stoffel
2016-03-08 11:12 ` Bryn M. Reeves
2016-03-08 14:02 ` [linux-lvm] [Bulk] " lejeczek
2016-03-08 14:14 ` Ondrej Kozina
2016-03-08 15:36 ` lejeczek
2016-03-08 16:09 ` Ondrej Kozina [this message]
2016-03-07 20:29 ` [linux-lvm] " f-lvm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DEF94D.20306@redhat.com \
--to=okozina@redhat.com \
--cc=linux-lvm@redhat.com \
--cc=peljasz@yahoo.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).